The JavaScript community is grappling with a new software supply-chain attack: a malware dubbed Shai-Hulud has poisoned hundreds of packages in the npm registry. This malicious campaign – referred to by its authors as “Sha1-Hulud: The Second Coming” – exceeds the scale of the worm’s first appearance in September 2025. Over the span of a…
Executive Summary Between May and November 2025, threat actor UAC-0241 conducted a campaign against educational institutions and government bodies in eastern Ukraine. The attack involved a compromised Gmail account distributing a ZIP archive containing a malicious LNK that triggered an HTA → JS → PowerShell execution chain. This led to the deployment of LAZAGNE, several…
Analyzing the Cycle of Cyber Retaliation Executive Summary The correlation between geopolitical tensions and cyber threat intensity is well-established, yet its temporal and sequential mechanics follow a precise model that defense teams must master. Analysis of recent conflicts reveals a standardized threat lifecycle: For CERTs and CSIRTs: Monitoring geopolitical indicators must now trigger specific vigilance…
